Appendix B:
Information about the processing (Case: the Customer is not an employer)
This appendix provides detailed information about personal data processing, when the Customer is not an employer, and thus the data subjects are not the Customer’s employees. Public sector customers may also provide services citizens as well as employees, the latter cases are covered in Appendix A.
B.1. The purpose of the data processor’s processing of personal data on behalf of the data controller
The Customer provides a wellbeing promotion program utilising the HeiaHeia digital service provided by HeiaHeia Oy, based on the commercial terms set in the Commercial agreement between HeiaHeia Oy and the Customer. The purpose of Processing of Personal Data is to provide a wellbeing-improving service for end-users.
B.2. The nature of the data processor’s processing of personal data on behalf of the data controller
The Parties hereby agree that the scope and manner of Personal Data Processing shall be the following:
The Customer provides a wellbeing promotion program utilising the HeiaHeia digital service provided by HeiaHeia Oy, based on the commercial terms set in the Commercial agreement between HeiaHeia Oy and the Customer.
HeiaHeia is a "freemium SaaS service" consisting of a free service level and premium services provided via "communities". Personal data processing in HeiaHeia governed by this agreement takes place in the context of communities, one customer may run many communities, which may have different functionality enabled, different sets of users (data subjects), and different personal data processing related controller-processor roles.
The Act on the Protection of Privacy in Working Life (of the Finnish law, Työelämän tietosuojalaki in Finnish) limits how and what kind of personal data of employees an employer can process (and thus limits the employer’s possible privacy related roles). Employers need to have a lawful purpose and a reason related to the occupation of the employee for processing any personal data of the employee, and some data types (such as health or location data) are seen as particularly sensitive, processing those is not allowed without a specific reason related to meeting obligations or rights of the employer or the employee. In HeiaHeia, such requirements are not met: for employees, the Customer’s data processing role is limited to special cases listed in Appendix A; for Customers that are not employers, the role is typically the data controller.
Personal data processing governed by this agreement shall consist of the following cases:
1) Email invitations
In the case of the Customer inviting users to HeiaHeia via email, the Customer is the Data Controller for the list of, which includes personal data (e.g. names and emails) and HeiaHeia is a Data Processor on behalf of the Data Controller.
After end-users have given consent for data processing, the Customer remains the Data Controller for the original list of invitees, which may contain both individuals, who have given consent and individuals, who have not given consent, and HeiaHeia remains a Data Processor for this list.
2) Personal data created after consent
HeiaHeia is a “freemium SaaS service" (a service that consists of for-free and paid-for service levels), where Controller-Processor roles can be depicted with the Community Interface Model, as described below. The complete model includes elements outside of the scope of this agreement, but are described below for clarity. The scope of this agreement is data processing by HeiaHeia on behalf of the Customer, as described below. In the following, the term “Partner” refers to the Customer.
Background of the Community Interface Model:
The pivot point of this model is The Community Interface, which forms a Controller Demarcation Line (a separation line for separate registers of personal data with separate data controllers). The Controller Demarcation Line indicates the point at which this responsibility (controllership) changes hands.
The purpose of this model is to reconcile and clarify data control and data processing in the case of a free / B2C relationship that pre-dates the Partner (Customer) relationship, and/or an end-user wishing to continue using the free / B2C service after severing ties with the Customer. The Community Interface creates the legal and technical space to allow (repeatedly) shifting data controllership.
Description of the Community Interface model:
HeiaHeia is the data controller for all data held solely within its servers. This controllership can be initiated by the end-user (e.g. through the free service). As the model shows, this relationship may commence before any relationship with the Customer.
HeiaHeia provides a Community Interface that crosses the Controller Demarcation Line. In essence, the Community Interface encapsulates the technical and legal controls that allows HeiaHeia to transfer and then regain controllership between Customers. When HeiaHeia provides access to data held within its servers through the Community Interface, the Partner (Customer) becomes the controller and HeiaHeia becomes a data processor on behalf of the Partner. This shift happens by granting the Partner the ability to use/extract the data for its own purposes. The double-sided arrow in the model indicates the ability for controllership of the data to cross back over the demarcation line. Securing this ability is handled in both the Privacy Policy and the DPA.
The Community Interface serves as the ”control center” for Partners and allows an easy way for Partners to manage the content of the service as well as gather, analyse, and modify well-being data for research purposes as well as for tracking and/or improving the well-being of data subjects.
Linking of Personal Data to the Community Interface (disclosure) requires end-user consent.
The functionality offered by and content managed by the Community Interface maybe be adjusted by HeiaHeia in accordance with the Commercial Agreement and end-user consent. HeiaHeia can gradually extend the functionality of The Community Interface without disturbing the controller/processor balance.
HeiaHeia shall remain the controller of the data that is collected by HeiaHeia prior to the Partner relationship. HeiaHeia shall have the right to extract all and any personal data from the Interface and use it for the original purpose of data processing as described in the end-user consent (i.e. extracting end-user wellbeing data for providing the free service). For clarity, HeiaHeia does not have any rights for any intellectual property or other content of the Partner or customers of the Partner. HeiaHeia will act as a controller for any data that it extracts from the Interface. This establishes the ability to cross back over the Controller Demarcation Line.
HeiaHeia shall be the sole controller of the data retained in its own systems, outside of the Community Interface. HeiaHeia shall have the right at any point in time to dispose, block, modify or otherwise use this data.
The end-user may at any time remove consents for different service elements, which results in removing personal data from those service elements.
3) Premium service discontinued
In the case of the paid-for service being discontinued for an end-user for whatsoever reason (Partner discontinuing, end-user discontinuing the use of the HeiaHeia premium service), the end-user continues as a user of the free service level of HeiaHeia, for which HeiaHeia is the sole data controller, and the Partner's controllership ends. For clarity, the end-user may at any point discontinue using the free service level (remove all personal data from HeiaHeia), which causes the personal data to be removed from all parts of the service and from all registers within the scope of HeiaHeia.
B.3. Types of personal data about data subjects included in the processing
- Personal details: Name, email address
- End-user memberships and consents: community memberships (B2B community consent), team memberships, participant list consent
- End-user’s activity data, wellbeing tasks completed, programs started, surveys answered, and other data entered to the service by the user in the scope of the premium community
- Admin and coach roles
- Reporting content: aggregate activity data, aggregate step data, aggregate wellbeing task completion data, wellbeing point summary, team memberships, aggregate social activity
- Log files
- The detailed contents of this personal data register are listed in the HeiaHeia Privacy Policy: www.heiaheia.com/privacy
B.4. Data subject categories included in the processing
- Admin users
- End-users
B.5. Duration of the data processor’s processing of personal data on behalf of the data controller
In HeiaHeia, end-users own and control their own personal data. The service includes a free subscription level, which end-users can utilise prior to joining any premium services levels, and can continue utilising, if their access to a premium service is discontinued for any reason. If the user’s membership in a community is discontinued by either the user leaving the community (user removes community consent), the user being removed from the community or the community being discontinued (e.g. the Customer discontinues offering the HeiaHeia service), HeiaHeia continues as the data controller of the free service, and the Customer's controllership ends.
HeiaHeia continues processing the email list of invitees as long as the commercial agreement with the Customer continues.
If a user removes consents from the free and the premium services, the user's personal data is removed from the service and all personal data processing, for which HeiaHeia is a controller, discontinues.
Appendix C:
Information about the processing (Case: the Customer is a reseller, whose customer is an employer)
This appendix provides detailed information about personal data processing, when the Customer is a reseller, providing wellbeing challenges or wellbeing coaching to either private or public sector employers, and the data subjects are employees. Resellers for the public sector may also provide services for citizens, these cases are covered in Appendix D.
C.1. The purpose of the data processor’s processing of personal data on behalf of the data controller
The Customer is a reseller providing employee wellbeing programs utilising the HeiaHeia digital service provided by HeiaHeia Oy, based on the commercial terms set in the Commercial agreement between HeiaHeia Oy and the Customer. The purpose of Processing of Personal Data is to provide a wellbeing-improving service for the employees of the Customer's customers.
C.2. The nature of the data processor’s processing of personal data on behalf of the data controller
The Parties hereby agree that the scope and manner of Personal Data Processing shall be the following:
The Customer is a reseller providing employee wellbeing programs utilising the HeiaHeia digital service provided by HeiaHeia Oy, based on the commercial terms set in the Commercial agreement between HeiaHeia Oy and the Customer.
HeiaHeia is a "freemium SaaS service" consisting of a free service level and premium services provided via "communities". Personal data processing in HeiaHeia governed by this agreement takes place in the context of communities, one customer may run many communities, which may have different functionality enabled, different sets of users (data subjects), and different personal data processing related controller-processor roles.
The Act on the Protection of Privacy in Working Life (of the Finnish law, Työelämän tietosuojalaki in Finnish) limits how and what kind of personal data of employees an employer can process (and thus limits the employer’s possible privacy related roles). Employers need to have a lawful purpose and a reason related to the occupation of the employee for processing any personal data of the employee, and some data types (such as health or location data) are seen as particularly sensitive, processing those is not allowed without a specific reason related to meeting obligations or rights of the employer or the employee. In HeiaHeia, such requirements are not met: an employer's data processing role is limited to special cases listed below.
Personal data processing governed by this agreement shall consist of the following cases:
1) Email invitations
In the case of an Employer inviting users to HeiaHeia via email, the Employer is the Data Controller for the list of, which includes personal data (e.g. names and emails), the Customer is a Data Processor on behalf of the Data Controller, and HeiaHeia is a Sub-Processor on behalf of the Customer.
After end-users have given consent for data processing, the Employer remains the Data Controller for the original list of invitees, which may contain both individuals, who have given consent and individuals, who have not given consent, the Customer remains a Data Processor for this list, and HeiaHeia remains a Sub-Processor.
2) Personal data created after consent
HeiaHeia is a “freemium SaaS service" (a service that consists of for-free and paid-for service levels), where Controller-Processor roles can be depicted with the Community Interface Model, as described below. The complete model includes elements outside of the scope of this agreement, but are described below for clarity. The scope of this agreement is data processing by HeiaHeia on behalf of the Customer, as described below. In the following, the term “Partner” refers to the Customer.
Background of the Community Interface Model:
The pivot point of this model is The Community Interface, which forms a Controller Demarcation Line (a separation line for separate registers of personal data with separate data controllers). The Controller Demarcation Line indicates the point at which this responsibility (controllership) changes hands.
The purpose of this model is to reconcile and clarify data control and data processing in the case of a free / B2C relationship that pre-dates the Partner (Customer) relationship, and/or an end-user wishing to continue using the free / B2C service after severing ties with the Customer. The Community Interface creates the legal and technical space to allow (repeatedly) shifting data controllership.
Description of the Community Interface model:
HeiaHeia is the data controller for all data held solely within its servers. This controllership can be initiated by the end-user (e.g. through the free service). As the model shows, this relationship may commence before any relationship with the Customer.
HeiaHeia provides a Community Interface that crosses the Controller Demarcation Line. In essence, the Community Interface encapsulates the technical and legal controls that allows HeiaHeia to transfer and then regain controllership between Customers. When HeiaHeia provides access to data held within its servers through the Community Interface, the Partner (Customer) becomes the controller and HeiaHeia becomes a data processor on behalf of the Partner. This shift happens by granting the Partner the ability to use/extract the data for its own purposes. The double-sided arrow in the model indicates the ability for controllership of the data to cross back over the demarcation line. Securing this ability is handled in both the Privacy Policy and the DPA.
The Community Interface serves as the ”control center” for Partners and allows an easy way for Partners to manage the content of the service as well as gather, analyse, and modify well-being data for research purposes as well as for tracking and/or improving the well-being of data subjects.
Linking of Personal Data to the Community Interface (disclosure) requires end-user consent.
The functionality offered by and content managed by the Community Interface maybe be adjusted by HeiaHeia in accordance with the Commercial Agreement and end-user consent. HeiaHeia can gradually extend the functionality of The Community Interface without disturbing the controller/processor balance.
HeiaHeia shall remain the controller of the data that is collected by HeiaHeia prior to the Partner relationship. HeiaHeia shall have the right to extract all and any personal data from the Interface and use it for the original purpose of data processing as described in the end-user consent (i.e. extracting end-user wellbeing data for providing the free service). For clarity, HeiaHeia does not have any rights for any intellectual property or other content of the Partner or customers of the Partner. HeiaHeia will act as a controller for any data that it extracts from the Interface. This establishes the ability to cross back over the Controller Demarcation Line.
HeiaHeia shall be the sole controller of the data retained in its own systems, outside of the Community Interface. HeiaHeia shall have the right at any point in time to dispose, block, modify or otherwise use this data.
The end-user may at any time remove consents for different service elements, which results in removing personal data from those service elements.
3) Premium service discontinued
In the case of the paid-for service being discontinued for an end-user for whatsoever reason (Partner discontinuing, end-user discontinuing the use of the HeiaHeia premium service), the end-user continues as a user of the free service level of HeiaHeia, for which HeiaHeia is the sole data controller, and the Partner's controllership ends. For clarity, the end-user may at any point discontinue using the free service level (remove all personal data from HeiaHeia), which causes the personal data to be removed from all parts of the service and from all registers within the scope of HeiaHeia.
C.3. Types of personal data about data subjects included in the processing
- Personal details: Name, email address
- End-user memberships and consents: community memberships (B2B community consent), team memberships, participant list consent
- Admin and coach roles
- Reporting content: aggregate activity data, aggregate step data, aggregate wellbeing task completion data, wellbeing point summary, team memberships, aggregate social activity
- The detailed contents of this personal data register are listed in the HeiaHeia Privacy Policy: www.heiaheia.com/privacy
C.4. Data subject categories included in the processing
- Admin users
- End-users
C.5. Duration of the data processor’s processing of personal data on behalf of the data controller
In HeiaHeia, end-users own and control their own personal data. The service includes a free subscription level, which end-users can utilise prior to joining any premium services levels, and can continue utilising, if their access to a premium service is discontinued for any reason. If the user’s membership in a community is discontinued by either the user leaving the community (user removes community consent), the user being removed from the community (e.g. the user’s employment status changing) or the community being discontinued (e.g. the user’s employer discontinues offering the HeiaHeia service), HeiaHeia continues as the data controller of the free service.
HeiaHeia continues processing the email list of invitees as long as the commercial agreement with the Customer continues. If a user’s membership in a community is discontinued, the user’s data is longer included in the reporting, and HeiaHeia discontinues processing this data. If a user removes consents from the free and the premium services, the user's personal data is removed from the service and all personal data processing, for which HeiaHeia is a controller, discontinues.
Appendix D:
Information about the processing (Case: the Customer is a reseller, whose customer is not an employer)
This appendix provides detailed information about personal data processing, when the Customer is a reseller, providing wellbeing challenges or wellbeing coaching to its customers (later: 'end-customer', 'end-customers'), and the data subjects are not employees of the end-customer. Resellers for the public sector may also provide services for public sector employees, these cases are covered in Appendix C.
D.1. The purpose of the data processor’s processing of personal data on behalf of the data controller
The Customer is a reseller providing wellbeing promotion programs utilising the HeiaHeia digital service provided by HeiaHeia Oy, based on the commercial terms set in the Commercial agreement between HeiaHeia Oy and the Customer. The purpose of Processing of Personal Data is to provide a wellbeing-improving service for end-users nominated by the end-customer.
D.2. The nature of the data processor’s processing of personal data on behalf of the data controller
The Parties hereby agree that the scope and manner of Personal Data Processing shall be the following:
The Customer is a reseller providing wellbeing promotion programs utilising the HeiaHeia digital service provided by HeiaHeia Oy, based on the commercial terms set in the Commercial agreement between HeiaHeia Oy and the Customer.
HeiaHeia is a "freemium SaaS service" consisting of a free service level and premium services provided via "communities". Personal data processing in HeiaHeia governed by this agreement takes place in the context of communities, one customer may run many communities, which may have different functionality enabled, different sets of users (data subjects), and different personal data processing related controller-processor roles.
Personal data processing governed by this agreement shall consist of the following cases:
1) Email invitations
In the case of an end-customer inviting users to HeiaHeia via email, the end-customer is the Data Controller for the list of, which includes personal data (e.g. names and emails), the Customer is a Data Processor on behalf of the Data Controller, and HeiaHeia is a Sub-Processor on behalf of the Customer.
After end-users have given consent for data processing, the end-customer remains the Data Controller for the original list of invitees, which may contain both individuals, who have given consent and individuals, who have not given consent, the Customer remains a Data Processor for this list, and HeiaHeia remains a Sub-Processor.
2) Personal data created after consent
HeiaHeia is a “freemium SaaS service" (a service that consists of for-free and paid-for service levels), where Controller-Processor roles can be depicted with the Community Interface Model, as described below. The complete model includes elements outside of the scope of this agreement, but are described below for clarity. The scope of this agreement is data processing by HeiaHeia on behalf of the Customer, as described below. In the following, the term “Partner” refers to the Customer.
Background of the Community Interface Model:
The pivot point of this model is The Community Interface, which forms a Controller Demarcation Line (a separation line for separate registers of personal data with separate data controllers). The Controller Demarcation Line indicates the point at which this responsibility (controllership) changes hands.
The purpose of this model is to reconcile and clarify data control and data processing in the case of a free / B2C relationship that pre-dates the Partner (Customer) relationship, and/or an end-user wishing to continue using the free / B2C service after severing ties with the Customer. The Community Interface creates the legal and technical space to allow (repeatedly) shifting data controllership.
Description of the Community Interface model:
HeiaHeia is the data controller for all data held solely within its servers. This controllership can be initiated by the end-user (e.g. through the free service). As the model shows, this relationship may commence before any relationship with the Customer.
HeiaHeia provides a Community Interface that crosses the Controller Demarcation Line. In essence, the Community Interface encapsulates the technical and legal controls that allows HeiaHeia to transfer and then regain controllership between Customers. When HeiaHeia provides access to data held within its servers through the Community Interface, in the case of this Appendix D, the end-customer becomes the the controller, the Customer becomes a data processor on behalf of the end-customer, and HeiaHeia becomes a sub-processor on behalf of the Customer. This shift happens by granting the end-customer the ability to use/extract the data for its own purposes. The double-sided arrow in the model indicates the ability for controllership of the data to cross back over the demarcation line. Securing this ability is handled in both the Privacy Policy and the DPA.
The Community Interface serves as the ”control center” for end-customers and Partners and allows an easy way for end-customers and Partners to manage the content of the service as well as gather, analyse, and modify well-being data for research purposes as well as for tracking and/or improving the well-being of data subjects.
Linking of Personal Data to the Community Interface (disclosure) requires end-user consent.
The functionality offered by and content managed by the Community Interface maybe be adjusted by HeiaHeia in accordance with the Commercial Agreement and end-user consent. HeiaHeia can gradually extend the functionality of The Community Interface without disturbing the controller/processor balance.
HeiaHeia shall remain the controller of the data that is collected by HeiaHeia prior to the Partner relationship. HeiaHeia shall have the right to extract all and any personal data from the Interface and use it for the original purpose of data processing as described in the end-user consent (i.e. extracting end-user wellbeing data for providing the free service). For clarity, HeiaHeia does not have any rights for any intellectual property or other content of the Partner or customers of the Partner. HeiaHeia will act as a controller for any data that it extracts from the Interface. This establishes the ability to cross back over the Controller Demarcation Line.
HeiaHeia shall be the sole controller of the data retained in its own systems, outside of the Community Interface. HeiaHeia shall have the right at any point in time to dispose, block, modify or otherwise use this data.
The end-user may at any time remove consents for different service elements, which results in removing personal data from those service elements.
3) Premium service discontinued
In the case of the paid-for service being discontinued for an end-user for whatsoever reason (Partner discontinuing, end-user discontinuing the use of the HeiaHeia premium service), the end-user continues as a user of the free service level of HeiaHeia, for which HeiaHeia is the sole data controller, and the end-customer's controllership ends. For clarity, the end-user may at any point discontinue using the free service level (remove all personal data from HeiaHeia), which causes the personal data to be removed from all parts of the service and from all registers within the scope of HeiaHeia.
D.3. Types of personal data about data subjects included in the processing
- Personal details: Name, email address
- End-user memberships and consents: community memberships (B2B community consent), team memberships, participant list consent
- Admin and coach roles
- Reporting content: aggregate activity data, aggregate step data, aggregate wellbeing task completion data, wellbeing point summary, team memberships, aggregate social activity
- Log files
- The detailed contents of this personal data register are listed in the HeiaHeia Privacy Policy: www.heiaheia.com/privacy
D.4. Data subject categories included in the processing
- Admin users
- End-users
D.5. Duration of the data processor’s processing of personal data on behalf of the data controller
In HeiaHeia, end-users own and control their own personal data. The service includes a free subscription level, which end-users can utilise prior to joining any premium services levels, and can continue utilising, if their access to a premium service is discontinued for any reason. If the user’s membership in a community is discontinued by either the user leaving the community (user removes community consent), the user being removed from the community (e.g. the user’s employment status changing) or the community being discontinued (e.g. the user’s employer discontinues offering the HeiaHeia service), HeiaHeia continues as the data controller of the free service.
HeiaHeia continues processing the email list of invitees as long as the commercial agreement with the Customer continues. If a user’s membership in a community is discontinued, the user’s data is longer included in the reporting, and HeiaHeia discontinues processing this data. If a user removes consents from the free and the premium services, the user's personal data is removed from the service and all personal data processing, for which HeiaHeia is a controller, discontinues.
Lataa sovellus!
